Security issue of Linux sudo command?

Solution 1:

It is not a security hole, at least no more than su is.

sudo is just a way for an administrator to have quick root access without using a root shell (which can be dangerous).

sudo just requires the user to enter his own password and will indeed give him root access (try $ sudo whoami). However, not everyone should be in the /etc/sudoers file.

If you take a look at the sudo manpage, you'll find how to limit sudo to some simple commands.

You can, for instance, only allow the user bob to execute $ sudo poweroff without allowing him to do $ sudo cat /etc/shadow.

So no, it's not a security hole if you configure and use it correctly. If you don't want your users to have a root shell, think of forbidding commands like $ sudo su.

Solution 2:

If it were a security hole, sudo would have been taken down already. It's intentional; you can configure it to require the user's password, the root's password or no password at all.

Because only the root can configure it anyways, there's no security hole. The root configures who has access to it, who has to put in which password, for each user, for each group.

Also, about the last part: "since users other than root could run with root privilege": That's the whole point of the sudo program.
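
An added example, not part of either answer or of sudo itself: a small Python audit over constructed sudoers lines that separates a command-limited grant (bob's poweroff, from Solution 1) from grants that amount to full root, and that flags passwordless rules (the option mentioned in Solution 2). It assumes plain one-line user specifications only (no aliases, line continuations or includes); the sample policy and the finding labels are made up for this illustration.

```python
import os
import re

# Constructed sample policy for illustration; not taken from a real system.
SAMPLE = """\
Defaults env_reset
bob    ALL=(root) /sbin/poweroff
alice  ALL=(ALL) ALL
carol  ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
dave   ALL=(ALL) ALL, !/bin/su
erin   ALL=(root) /bin/su, /usr/bin/less /var/log/syslog
"""

SHELLS = {"su", "sh", "bash", "dash", "zsh", "ksh"}  # programs that hand out a root shell
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias", "@include")
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")  # user host=(runas) cmds
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")                              # e.g. "NOPASSWD: "

def audit_line(line):
    """Return (user, findings) for one user specification, else None."""
    line = line.strip()
    m = RULE.match(line)
    if not m or line.startswith(SKIP):
        return None
    user, cmds = m.groups()
    findings = []
    for cmd in (c.strip() for c in cmds.split(",")):
        tags = TAGS.match(cmd)
        if tags:
            if "NOPASSWD" in tags.group(0):
                findings.append("no password required")
            cmd = cmd[tags.end():]
        negated, cmd = cmd.startswith("!"), cmd.lstrip("! ")
        if negated:  # sudoers(5) warns that subtracting commands with '!' is not effective
            findings.append("denylist entry: " + cmd)
        elif cmd == "ALL":
            findings.append("any command")
        elif cmd and os.path.basename(cmd.split()[0]) in SHELLS:
            findings.append("root shell: " + cmd)
    return user, findings

def audit(text):
    out = {}  # user -> list of risky grants found across all of that user's rules
    for user, found in filter(None, map(audit_line, text.splitlines())):
        out.setdefault(user, []).extend(found)
    return out

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty findings list, as for bob, means the rule names specific commands; on a real system, `visudo -c` checks the file's syntax and `sudo -l -U bob` lists what a user may actually run.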